Secure delegation using public key authentication
First Claim
1. A computer program product for impersonating a client to a plurality of servers, comprising:
- a computer usable storage medium having computer readable program code embodied therein, the computer readable program code comprising:
computer readable program code that obtains by a middle tier server, a common nonce that is created based at least in part upon a pre-nonce contribution from each of a plurality of back-end servers, wherein the common nonce is generated from an entity other than the client that the middle tier server is to impersonate or the plurality of back-end servers that the middle tier server is to interact with on behalf of the client;
computer readable program code that receives by the middle tier server, a request from the client for a transaction with at least one of the plurality of back-end servers;
computer readable program code that provides the common nonce from the middle tier server to the client;
computer readable program code that receives the common nonce signed by the client with the client's digital signature at the middle-tier server; and
computer readable program code that impersonates the client by the middle tier server interacting with a selected one of the plurality of back-end servers for implementation of the client request on behalf of the client by providing the signed common nonce and the client request from the middle tier server to at least one of the plurality of back-end servers so as to authenticate the client to the plurality of servers for implementation of the client request on behalf of the client.
Abstract
A client is impersonated to a plurality of servers using a middle-tier server. A common nonce associated with each of the plurality of servers is obtained and the common nonce is provided to the client. The common nonce signed by the client is received at the middle-tier server and provided as a signature for transactions from the client to the plurality of servers so as to authenticate the client to the plurality of servers.
28 Citations
20 Claims
11. A system for impersonating a client to a plurality of servers, comprising:
- a middle tier server in data communication with a plurality of back-end servers, said middle tier server having a processor, memory and program code resident in the memory, where the program code resident in the memory is executable by the processor to impersonate a client to a plurality of servers by executing code configured to:
obtain by a middle tier server, a common nonce that is created based at least in part upon a pre-nonce contribution from each of a plurality of back-end servers, wherein the common nonce is generated from an entity other than the client that the middle tier server is to impersonate or the plurality of back-end servers that the middle tier server is to interact with on behalf of the client;
receive by the middle tier server, a request from the client for a transaction with at least one of the plurality of back-end servers;
provide the common nonce from the middle tier server to the client;
receive the common nonce signed by the client with the client's digital signature at the middle-tier server; and
impersonate the client by the middle tier server interacting with a selected one of the plurality of back-end servers for implementation of the client request on behalf of the client by providing the signed common nonce and the client request from the middle tier server to at least one of the plurality of back-end servers so as to authenticate the client to the plurality of servers for implementation of the client request on behalf of the client.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
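The flow recited in claims 1 and 11 (and in the abstract), as an added stdlib-only Python simulation that is not the patent's own code: the nonce generator, back ends and middle tier are modelled as classes; it assumes the common nonce is a SHA-256 over the back ends' pre-nonce contributions that the generator also hands to each back end, and it uses a toy textbook RSA over fixed Mersenne primes as a stand-in for the client's signature scheme. Each back end additionally refuses a nonce it has already consumed, a replay check the claims leave open.

```python
import hashlib
import secrets
# Toy textbook RSA over two fixed Mersenne primes: a constructed stand-in for the
# client's real signature scheme, so the example runs on the stdlib alone.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N
def sign(data: bytes) -> int:               # client side, private exponent D
    return pow(digest(data), D, N)
def verify(data: bytes, sig: int) -> bool:  # back-end side, public exponent E
    return pow(sig, E, N) == digest(data)

class BackEnd:
    def __init__(self, name: str):
        self.name, self.expected, self.consumed = name, None, set()
    def pre_nonce_contribution(self) -> bytes:
        return secrets.token_bytes(16)      # fresh randomness for this nonce round
    def handle(self, nonce: bytes, sig: int, request: bytes):
        # Accept only the nonce built from our contribution, unused here so far, with a
        # valid client signature. Per the claims the signature covers the nonce alone.
        if nonce != self.expected or nonce in self.consumed or not verify(nonce, sig):
            return None
        self.consumed.add(nonce)
        return f"{self.name}: {request.decode()} done"

class NonceGenerator:
    """Entity other than the client and the back ends that forms the common nonce."""
    def common_nonce(self, backends) -> bytes:
        nonce = hashlib.sha256(b"".join(b.pre_nonce_contribution() for b in backends)).digest()
        for b in backends:
            b.expected = nonce              # assumed: back ends learn the nonce from the generator
        return nonce

class MiddleTier:
    def __init__(self, backends, generator):
        self.backends = backends
        self.nonce = generator.common_nonce(backends)   # step 1: obtain the common nonce
    def request(self, client_sign, request: bytes):
        sig = client_sign(self.nonce)       # steps 2-4: hand nonce to client, get it back signed
        # step 5: the one client signature authenticates the client to every selected back end
        return [b.handle(self.nonce, sig, request) for b in self.backends]

def demo():
    backends = [BackEnd("db"), BackEnd("mail")]
    mt = MiddleTier(backends, NonceGenerator())
    forged = backends[0].handle(mt.nonce, 12345, b"read")            # wrong signature: rejected
    results = mt.request(sign, b"read")                              # accepted by both
    replay = backends[0].handle(mt.nonce, sign(mt.nonce), b"read")   # nonce already consumed
    return forged, results, replay
```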